package edu.whu.tao.intercepter;

import edu.whu.tao.annotation.ClearAuth;
import edu.whu.tao.annotation.Logical;
import edu.whu.tao.annotation.RequiresRoles;
import edu.whu.tao.constant.CommonConstants;
import edu.whu.tao.util.AuthUtils;

import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.xiaoleilu.hutool.util.CollectionUtil;
import com.xiaoleilu.hutool.util.StrUtil;


public abstract class AuthIntercepter extends HandlerInterceptorAdapter {
	
	private static final Logger logger = LoggerFactory.getLogger(AuthIntercepter.class);

	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
		HttpSession session = request.getSession();
		String path = request.getContextPath();
		if ((handler instanceof HandlerMethod)) {
			HandlerMethod handlerMethod = (HandlerMethod) handler;
			logger.debug("类{}的{}方法执行", handlerMethod.getBean(), handlerMethod.getMethod());
			Class clazz = handlerMethod.getBean().getClass();
			Method method = handlerMethod.getMethod();
			String[] roles = null;
			Logical logical = Logical.OR;
			RequiresRoles clazzRoles = (RequiresRoles) clazz.getAnnotation(RequiresRoles.class);
			RequiresRoles methodRoles = (RequiresRoles) method.getAnnotation(RequiresRoles.class);
			ClearAuth clearAuth = (ClearAuth) method.getAnnotation(ClearAuth.class);
			if (clazzRoles != null) {
				roles = clazzRoles.value();
				logical = clazzRoles.logical();
			}
			if (clearAuth != null) {
				roles = null;
			}
			if (methodRoles != null) {
				roles = methodRoles.value();
				logical = methodRoles.logical();
			}
			//不需要权限
			if (roles == null) {
				return true;
			}
			String strRoles = (String)session.getAttribute(CommonConstants.ROLES_KEY);
			//没有权限信息
			if (strRoles == null) {
				//response.sendRedirect(path + "/toLogin.do");
				handleNotLogin(request, response, handlerMethod);
				return false;
			}
			String[] hasRoles = null;
			if (StrUtil.isBlank(strRoles)) {
				hasRoles = (String[]) CollectionUtil.newArray(String.class, 0);
			}
			hasRoles = StrUtil.split(strRoles, StrUtil.COMMA);
			boolean isPermit = AuthUtils.isPermit(roles, logical, hasRoles);
			if (isPermit) {
				return true;
			}
			//未授权
			//response.sendRedirect(path + "/denied.do");
			handleNotPermit(request, response, handlerMethod);
			return false;
		}
		return true;
	}
	
	public abstract boolean handleNotLogin(HttpServletRequest request,HttpServletResponse response,Object handler) throws Exception ;
	
	public abstract boolean handleNotPermit(HttpServletRequest request,HttpServletResponse response,Object handler) throws Exception ;
	
}
